Richard,
> I looked at the IDScenter config panels today after installing on Win2K.
> It seems there is no socket logging facility available thru IDScenter.
> (i.e. like snort -A unsock ...)
I don't have a Windows box handy to verify the following; however, I scanned
the source code quickly, and as near as I know snort on Windows should be able to
use the unsock logging facility.
> Would I need to use command line to use a socket program to capture
> packet data?
My guess is that IDScenter doesn't have the unsock facility as an option.
I checked with Michael, and concluded that Snort on Windows has the
unsock alert facility. You need to make sure you create a pipe by
the name of snort_alert (grep UNSOCK_FILE snort.h) that snort can
write to.
Hope this helps.
Roel Jonkman
Security Engineer
http://www.SiliconDefense.com